1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Apple Itunes M3U CVE-2012-0677

Web Attack: Apple Itunes M3U CVE-2012-0677

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the buffer overflow vulnerability in Apple iTunes Media player.

Additional Information

Apple iTunes is a media player for Microsoft Windows and Apple Mac OS X.

Apple iTunes is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted '.m3u' playlist file.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected

  • Apple iTunes media player for Microsoft Windows and Apple Mac OS X.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube